cPanel Phishing Scams

Our Support team has seen a trend of customers receiving false cPanel notices claiming that their hosting or email storage is reaching capacity. These emails are asking you to log in to “fix” the problem.

Refrain from clicking on these links and DO NOT enter in your username and password on these pages.

You may receive an email that looks like:

Subject: [] WARNING The domain "" has reached their disk quota.

The email contents might look like:

cPanel Phishing Email Example

Our team thought this would be a great opportunity to educate our customers about the dangers of phishing emails and how to be diligent about this.

What is Phishing?

According to Wikipedia: “Phishing is the fraudulent attempt to obtain sensitive information or data, such as usernames, passwords, credit card numbers, or other sensitive details by impersonating oneself as a trustworthy entity in a digital communication.”

How do I spot a phishing email?

It’s called phishing for a reason. The scammer is placing some bait, a trustworthy appearing email in this example, and hoping you’ll bite! They want you to click on the link and enter your username and password onto a fake login page. If you were to do this, your username and password are both potentially exposed.

Examples include:

  • An email that appears from Facebook asking you to login to re-activate your account before they delete it,
  • To open a Google document link that contains an invoice (that you aren’t expecting!), or
  • In this case, acting as your hosting administrator and claiming that your disk space is almost full and you must login to fix this.

How do I know for sure?

If you are unsure if an email is phishing or not, do not click on the link.

Instead, hover over the link to see if the web address is indeed the right website and not something suspicious. You can also switch from HTML view to Plain text in your email client settings. Changing these settings will show the real link!

cPanel Phishing Email HTML View

What should I do?

If you are still unsure if this is a phishing email, ask us!

We are happy to help you identify if this is legit or not. Send a screenshot to and our team will take a visual look at it. Do not forward this email or request to anybody!

Next, delete the email or request and let others at your business or organization know to watch out for such an email and to do the same.

I clicked on the link, now what?

We understand that these emails are confusing and misleading. If you have clicked on the link, take a deep breath and close the page.

Although we cannot do IT support for your computer itself, we highly recommend running a malware scan in case the link itself contains code to install malware. This will give you peace of mind knowing nothing further happened. If you are using Windows ensure that your Microsoft Defender Antivirus is running. Optionally, at your own discretion you could use Malwarebytes software. A free program for Windows, Mac and Android that can scan, find and remove Malware or spyware.

Note: Upon testing, our team discovered you can install this for free and you can skip entering in any personal information such as your email address.

What if I have clicked on the link AND supplied my username and password?

Run a scan and let us know immediately so we can reset your passwords as soon as possible!

What is OSM doing about this?

Our first focus is on education. We hope this information is helpful and informative! We also want to thank everyone that reached out to our support team. Together we can help identify problems, improve systems, and pass along our knowledge to help others.

Our second priority is creating distinguishing features. As this example is pretending to be a notice from cPanel, our team is working to customize our notifications with clear branding to help identify that the email was sent from our service. This change will allow customers to immediately know the information is verified and safe. 

Monday, April 26, 2021

« Back